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- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
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DETAILED ACTION 

1 . This action is in response to the application filed on 06/01/2001 . 

2. Claims 1-13 are pending. 



Information Disclosure Statement 
3. An initialed and dated copy of Applicant's IDS form 1449, Paper No. 04, is attached to 
the instant Office action. 



Claim Rejections - 35 USC §102 
4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless ~ 

(e) the invention was described in a patent granted on an application for patent by another filed in the United 
States before the invention thereof by the applicant for patent, or on an international application by another who 
has fulfilled the requirements of paragraphs (1), (2), and (4) of section 371(c) of this title before the invention 
thereof by the applicant for patent. 

The changes made to 35 U.S.C. 102(e) by the American Inventors Protection Act of 1999 
(AIPA) and the Intellectual Property and High Technology Technical Amendments Act of 2002 
do not apply when the reference is a U.S. patent resulting directly or indirectly from an 
international application filed before November 29, 2000. Therefore, the prior art date of the 
reference is determined under 35 U.S.C. 102(e) prior to the amendment by the AIPA (pre-AIPA 
35 U.S.C. 102(e)). 
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5. Claim 1, 2, 5, 8, and 9 are rejected under 35 U.S.C. 102(e) as being anticipated by US 

Patent No. 6,601,1 14 to Bracha et al., hereinafter called Bracha. 
Per claims 1 and 2: 
Bracha disclose: 

- A code verification system (col. 7, lines 55-56 "instructions verification within the verify 
instructions step") 

- memory for storing (col. 10, line 53 "storage device into memory") ; a compiled program 
(col. 10, lines 46-47 "instructions typically generated by a compiler ") and 

- a code verifier configured to analyze instructions of said program (col. 10, line 62 
"verification is performed by the JVM" and col. 10, lines 65-66 "verification includes 
identifying. . . instruction sequence") and to generate a plurality of type signatures based 
on said instructions (col. 17, lines 30-32 "pre-verification constraints... stored... or the 
module itself, or both. . . have attached a signal, such as a digital signature "), each of said 
type signatures indicating each input type constraint and each output type description for 
a respective one of said instructions (col. 17, lines 33-35 "can be used to reliably 
identify the source of the module or constraints and indicate whether they may have 
been tampered with since being signed"), wherein said code verifier is configured to 
detect a type error by analyzing said type signatures (col. 17, lines 36-37 "intra-module 
verification checks of validity... during conventional verification"). 
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Per claim 5: 

Bracha disclose: 

- memory for storing a compiled program (col. 10, line 53 "storage device into memory" 
and col. 10, lines 46-47 "instructions typically generated by a compiler "); and 

- a code verifier configured to analyze a code block of said program (col. 10, line 62 
"verification is performed by the JVM" and col. 10, lines 65-66 "verification includes 
identifying... instruction sequence") and to translate instructions within said code block 
into a plurality of type signatures (col. 17, lines 30-32 "pre-verification constraints... 
stored. . . or the module itself, or both. . . have attached a signal, such as a digital 
signature "), said code verifier further configured to compose said type signatures into a 
single composed type signature and to detect a type error by analyzing said type 
signatures (col. 17, lines 36-37 "intra-module verification checks of validity... during 
conventional verification") 

Per claims 8 and 9: 

Bracha disclose: 

- storing a compiled program (col. 10, line 53 "storage device into memory" and (col. 10, 
lines 46-47 "instructions typically generated by a compiler "); 

- generating a plurality of type signatures based on instructions within said program (col. 
17, lines 30-32 "pre-verification constraints. . . stored. . . or the module itself, or both. . . 
have attached a signal, such as a digital signature "), each of said type signatures 
indicating each input type constraint and each output type description for a respective one 
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of said instructions (col. 17, lines 33-35 "can be used to reliably identify the source of the 
module or constraints and indicate whether they may have been tampered with since 
being signed"); 

- analyzing said type signatures; and detecting a type error based on said analyzing step 
(col. 17, lines 36-37 "intra-module verification checks of validity... during conventional 
verification") 

Substantially as claimed. 

Claim Rejections - 35 USC § 103 

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this 
title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a 
whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said 
subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made. 

7. Claim 3, 4, 6, 7, and 10-13 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Bracha in view of US Patent No. 6,092,147 to Levy et al., hereinafter called Levy. 

Per claim 11: 
Bracha disclose: 

- storing a compiled program (col. 10, line 53 "storage device into memory" and (col. 10, 
lines 46-47 "instructions typically generated by a compiler ");, said compiled program 
having at least one code block that includes a plurality of instructions (col. 9, lines 50-55 
"a compiler 164 which compiles the source code 162 to produce one or more modules 
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165, 166 containing instructions such as VM instructions, and a processor such as a 
virtual machine (VM) 167 which takes one or more modules 165, 166 as input and 
executes the program they generate"); 

- translating said instructions into a plurality of type signatures (col. 17, lines 30-32 "pre- 

verification constraints. . . stored. . . or the module itself, or both. . . have attached a 
signal, such as a digital signature "); 

- analyzing said type signatures (col. 10, line 62 "verification is performed by the JVM" 

and col. 10, lines 65-66 "verification includes identifying... instruction sequence"); and 
detecting a type error based on said analyzing step (col. 17, lines 36-37 "intra-module 
verification checks of validity... during conventional verification") 

Bracha does not explicitly disclose composing said type signatures into a single composed type 
signature. 

However, Levy discloses in an analogous computer system composing said type 
signatures into a single composed type signature (col. 7, lines 25-26 "authenticity verifier 82... 
compute a proof of authenticity on the bytecode(s) received from the outside world" and col. 7, 
lines 32-34 "a message authentication code of a pre-defined form computed with a block-cipher 
algorithm, or a digital signature of a pre-defined form computed with an asymmetric algorithm"). 

Therefore, it would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to incorporate the method of code verifier composing the signature and 
determine the input constraint to an output constraint as taught by Levy into the method of 
verification code as taught by Bracha. The modification would be obvious because of one of 
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ordinary skill in the art would be motivated to compose the verification signature and determine 
input/output constraints to securely distribute code as suggested by Levy (col. 2, lines 17-30). 

Per claims 3, 7, 10, and 13: 

The rejection of claim 1, 5, 10, and 1 1 is incorporated, respectively, and further, Bracha disclose: 

- wherein said code verifier is further configured to analyze said program and to group 
instructions of said program into a plurality of code blocks (col. 18, lines 62-65 "FIG. 8 
shows how a module, which has been verified one-module-at-a-time before run time") 

- wherein said code verifier is configured to translate said code blocks into type signature 
blocks (col. 17, lines 40-42 "substantially complete module-by-module pre-verification 
can be performed for the intra-module checks" and col. 17, lines 30-32 "pre-verification 
constraints. . . stored. . . or the module itself, or both. . . have attached a signal, such as a 
digital signature ") 

- each of said type signature blocks having one or more type signatures (col. 17, lines 31- 
32 "module itself, or both.. . have attached a signal, such as a digital signature "), 

Bracha does not explicitly disclose said code verifier further configured to compose the type 
signatures of each of said type signature blocks into a single respective composed type signature. 

However, Levy discloses in an analogous computer system said code verifier further 
configured to compose the type signatures of each of said type signature blocks into a single 
respective composed type signature (col. 7, lines 25-26 "authenticity verifier 82... compute a 
proof of authenticity on the bytecode(s) received from the outside world" and col. 7, lines 32-34 
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"a message authentication code of a pre-defined form computed with a block-cipher algorithm, 
or a digital signature of a pre-defined form computed with an asymmetric algorithm"). 

Therefore, it would have been obvious to a person of ordinary skill in the art at the time 
the invention was made to incorporate the method of code verifier composing the signature and 
determine the input constraint to an output constraint as taught by Levy into the method of 
verification code as taught by Bracha. The modification would be obvious because of one of 
ordinary skill in the art would be motivated to compose the verification signature and determine 
input/output constraints to securely distribute code as suggested by Levy (col. 2, lines 17-30). 

Per claim 4: 

The rejection of claim 3 is incorporated, and further, Bracha disclose: 

- said code verifier further configured to make a determination as to whether an input type 
constraint of said first type signature is acceptable to an output type description of said 
second type signature (col. 17, lines 33-35 "can be used to reliably identify the source of 
the module or constraints and indicate whether they may have been tampered with since 
being signed 55 ) 

- said code verifier further configured to detect said type error based on said determination 
(col. 17, lines 36-37 "intra-module verification checks of validity... during conventional 
verification 5 ') 

Bracha does not explicitly disclose wherein said code verifier, in composing one of said type 
signature blocks, is configured to compose a first type signature with a second type signature to 
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form a single composed signature, said first and second type signatures included within said one 
type signature block. 

However, Levy discloses in an analogous computer system wherein said code verifier, in 
composing one of said type signature blocks, is configured to compose a first type signature with 
a second type signature to form a single composed signature, said first and second type 
signatures included within said one type signature block (col. 7, lines 25-26 "authenticity verifier 
82. . . compute a proof of authenticity on the bytecode(s) received from the outside world" and 
col. 7, lines 32-34 "a message authentication code of a pre-defined form computed with a block- 
cipher algorithm, or a digital signature of a pre-defined form computed with an asymmetric 
algorithm"). 

The feature of composing signature blocks would be obvious for the reasons set forth in 
the rejection of claim 3. 

Per claims 6 and 12: 

The rejection of claim 5 and 1 1 is incorporated, respectively, and further, Bracha disclose: 
- wherein said code verifier is further configured to detect said type error by comparing 
said type descriptions (col. 17, lines 36-37 "intra-module verification checks of 
validity. . .during conventional verification") 

Bracha does not explicitly disclose wherein one of said type signatures includes a type 
description indicative of a type of an input consumed by one of said instructions when said one 
instruction is executed, wherein another of said type signatures includes a type description 
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indicative of a type of an output produced by another of said instruction when said other 
instruction is executed. 

However, Levy discloses in an analogous computer system wherein one of said type 
signatures includes a type description indicative of a type of an input consumed by one of said 
instructions when said one instruction is executed (col. 7, lines 35-38 "The authenticity verifier 
82 ensures that no bytecode(s) may reach the VM 78 or be executed by the VM unless the 
authenticity verifier has first successfully verified the authenticity of such bytecode(s)"), wherein 
another of said type signatures includes a type description indicative of a type of an output 
produced by another of said instruction when said other instruction is executed (col. 8, line 65 to 
col. 9 line 1 "a proof of authenticity may be generated, as described above, and the proof of 
authenticity may be appended to the verified bytecode(s) to produce an authenticated bytecode 
file"). 

The feature of signatures including type description of input/output would be obvious for 
the reasons set forth in the rejection of claim 3. 

Conclusion 

8. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

The following patent is cited to further show the state of the art with respect to ***. 
US Pub. No. 2003/0154468 to Gordon et al. 
US Patent No. 6,618,769 to Bracha et al. 
US Patent No. 6,546,546 to Van Doom 



Application/Control Number: 09/871,778 



Page 1 1 



Art Unit: 2124 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Satish S. Rampuria whose telephone number is 703-305-8891. 
The examiner can normally be reached on 8:30 am to 5:00 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kakali Chaki can be reached on (703) 305-9662. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

Satish S. Rampuria . *^^-fz/\s* LA**--* 




Patent Examiner 
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06/14/2004 




